The Benefits of Java Card in eUICC for IoT Devices
Transcript of The Benefits of Java Card in eUICC for IoT Devices
www.thalesgroup.comOPEN
The Benefits of Java Card in eUICC for IoT Devices
Denis Praca – THALESVice chairman of ETSI SCPDeputy chair of GSMA eSIM WGChairman of TCA eUICC WG
This
do
cu
me
nt
ma
y n
ot
be
re
pro
du
ce
d, m
od
ifie
d,
ad
ap
ted
, p
ub
lish
ed
, tr
an
sla
ted
, in
an
y w
ay, in
wh
ole
or
in
pa
rt o
r d
isc
lose
d t
o a
th
ird
pa
rty w
ith
ou
t th
e p
rior
writt
en
co
nse
nt
of
Tha
les
-©
Th
ale
s2
01
8 A
ll rig
hts
re
serv
ed
.
2 The Benefits of Java Card in eUICC for IoT Devices – 12 Nov 2020
Denis Praca - Thales
OPEN
Problem statement
▌Massive IoT deployment is driven by the availability of a lot of low cost
connected devices
Fierce competition leads to high pressure on device pricing
- Every cents is worth to save thus JavaCard may be initially seen as an expensive
solution (Implementation and license)
▌But this may be balanced by the following:
Security requirements and regulations are increasing
- Certification cost can be reduced by reuse of already certified platform and libraries
- JavaCard virtual machine provides process isolation mandatory for secure
applications
- Updates are easier to manage
Wide expertise on secure development of JavaCard applications is available
This
do
cu
me
nt
ma
y n
ot
be
re
pro
du
ce
d, m
od
ifie
d,
ad
ap
ted
, p
ub
lish
ed
, tr
an
sla
ted
, in
an
y w
ay, in
wh
ole
or
in
pa
rt o
r d
isc
lose
d t
o a
th
ird
pa
rty w
ith
ou
t th
e p
rior
writt
en
co
nse
nt
of
Tha
les
-©
Th
ale
s2
01
8 A
ll rig
hts
re
serv
ed
.
4 The Benefits of Java Card in eUICC for IoT Devices – 12 Nov 2020
Denis Praca - Thales
OPEN
ETSI SCP and 3GPP
▌ETSI SCP
The home of UICC
- TS 102 241 and TS 102 705 define
JavaCard APIs
UICC specifications also largely rely on GlobalPlatform JavaCard API specifications
UICC supports primary and secondary applications
▌ 3GPP
Defines JavaCard APIs for
USIM/ISIM and contact manager
This
do
cu
me
nt
ma
y n
ot
be
re
pro
du
ce
d, m
od
ifie
d,
ad
ap
ted
, p
ub
lish
ed
, tr
an
sla
ted
, in
an
y w
ay, in
wh
ole
or
in
pa
rt o
r d
isc
lose
d t
o a
th
ird
pa
rty w
ith
ou
t th
e p
rior
writt
en
co
nse
nt
of
Tha
les
-©
Th
ale
s2
01
8 A
ll rig
hts
re
serv
ed
.
5 The Benefits of Java Card in eUICC for IoT Devices – 12 Nov 2020
Denis Praca - Thales
OPEN
ETSI SCP and 3GPP
▌ETSI SCP
The home of UICC
- TS 102 241 and TS 102 705 define
JavaCard APIs
UICC specifications also largely rely on GlobalPlatform JavaCard API specifications
UICC supports primary and secondary applications
▌ 3GPP
Defines JavaCard APIs for
USIM/ISIM and contact manager
This
do
cu
me
nt
ma
y n
ot
be
re
pro
du
ce
d, m
od
ifie
d,
ad
ap
ted
, p
ub
lish
ed
, tr
an
sla
ted
, in
an
y w
ay, in
wh
ole
or
in
pa
rt o
r d
isc
lose
d t
o a
th
ird
pa
rty w
ith
ou
t th
e p
rior
writt
en
co
nse
nt
of
Tha
les
-©
Th
ale
s2
01
8 A
ll rig
hts
re
serv
ed
.
6 The Benefits of Java Card in eUICC for IoT Devices – 12 Nov 2020
Denis Praca - Thales
OPEN
GSMA
▌eSIM
JavaCard support is mandatory
for certification of eUICCs for
M2M prior to V4 and for consumer
prior to V3
It becomes optional for newer
releases
However, more than 90% of MNO
Profiles contain at least one
JavaCard application
▌ SAM
Defines an interoperable way to
load third party applications in an
eUICC
▌ IoT SAFE
Leveraging a hardware secure
element, or ‘Root of Trust’, to
establish end-to-end, chip-to-cloud
security for IoT products and
services
This
do
cu
me
nt
ma
y n
ot
be
re
pro
du
ce
d, m
od
ifie
d,
ad
ap
ted
, p
ub
lish
ed
, tr
an
sla
ted
, in
an
y w
ay, in
wh
ole
or
in
pa
rt o
r d
isc
lose
d t
o a
th
ird
pa
rty w
ith
ou
t th
e p
rior
writt
en
co
nse
nt
of
Tha
les
-©
Th
ale
s2
01
8 A
ll rig
hts
re
serv
ed
.
7 The Benefits of Java Card in eUICC for IoT Devices – 12 Nov 2020
Denis Praca - Thales
OPEN
TCA (Formerly SIMalliance)
▌eSIM
Defines the format of the data
used to download a Profile on an
eUICC
This specification includes the
installation of JavaCard
applications▌ IoT SAFE
Provides a common mechanism to
secure IoT data communications
This application may either be
interoperable (JavaCard) or native
This
do
cu
me
nt
ma
y n
ot
be
re
pro
du
ce
d, m
od
ifie
d,
ad
ap
ted
, p
ub
lish
ed
, tr
an
sla
ted
, in
an
y w
ay, in
wh
ole
or
in
pa
rt o
r d
isc
lose
d t
o a
th
ird
pa
rty w
ith
ou
t th
e p
rior
writt
en
co
nse
nt
of
Tha
les
-©
Th
ale
s2
01
8 A
ll rig
hts
re
serv
ed
.
8 The Benefits of Java Card in eUICC for IoT Devices – 12 Nov 2020
Denis Praca - Thales
OPEN
ENISA: GOOD PRACTICES FOR SECURITY OF IOT* (Extract)NOVEMBER 2019
▌Development / Implementation
Libraries
- Use of trusted security libraries when third-party resources are used, ensuring that they are widely tested based on certain security criteria so as to not compromise the software.
External checks
- Use of mechanisms to ensure that external libraries, tools or APIs used during the SDLC
phases such as development, deployment and maintenance are proven, secure and updated.
▌Testing / Acceptance
Security requirement tests
- Performance of security tests to ensure that software is free of known vulnerabilities and to detect risks related to security requirements
Penetration tests
- Testing to identify potential vulnerabilities that could exist in IoT solutions and could be exploited by an attacker
*:https://www.enisa.europa.eu/publications/good-practices-for-security-of-iot-1
This
do
cu
me
nt
ma
y n
ot
be
re
pro
du
ce
d, m
od
ifie
d,
ad
ap
ted
, p
ub
lish
ed
, tr
an
sla
ted
, in
an
y w
ay, in
wh
ole
or
in
pa
rt o
r d
isc
lose
d t
o a
th
ird
pa
rty w
ith
ou
t th
e p
rior
writt
en
co
nse
nt
of
Tha
les
-©
Th
ale
s2
01
8 A
ll rig
hts
re
serv
ed
.
9 The Benefits of Java Card in eUICC for IoT Devices – 12 Nov 2020
Denis Praca - Thales
OPEN
Considerations about certification
▌Number of connected devices is
booming
▌Security, safety and privacy risks
have increased accordingly
▌Scalability (due to high number of devices),
interoperability and application
independence (different devices and purposes) need to be addressed
▌Certification is the main protective means for the users but:
Proper certification is a long and costly process that could be improved by reuse
of certified platform and applications
This
do
cu
me
nt
ma
y n
ot
be
re
pro
du
ce
d, m
od
ifie
d,
ad
ap
ted
, p
ub
lish
ed
, tr
an
sla
ted
, in
an
y w
ay, in
wh
ole
or
in
pa
rt o
r d
isc
lose
d t
o a
th
ird
pa
rty w
ith
ou
t th
e p
rior
writt
en
co
nse
nt
of
Tha
les
-©
Th
ale
s2
01
8 A
ll rig
hts
re
serv
ed
.
11 The Benefits of Java Card in eUICC for IoT Devices – 12 Nov 2020
Denis Praca - Thales
OPEN
Use case: Roaming management
▌Roaming management allows MNOs to balance the use of roaming partners for the
benefit of the end user:
Limit or remove roaming cost
Direct subscribers to the best networks and to enhance the customer experience
▌The pure network steering solution can achieve about 75% steering efficiency.
However, by combining the network steering with Over The Air (OTA) commands,
operators can steer more than 95% of roaming traffic onto the most suitable
networks.
More than 90% of MNO’s Profiles come with a JavaCard application, mainly for roaming management
▌Roaming is not limited to smartphone. IoT devices, even low cost, shall be able to
handle roaming application
Additional roaming costs may be much higher that saving on device
This
do
cu
me
nt
ma
y n
ot
be
re
pro
du
ce
d, m
od
ifie
d,
ad
ap
ted
, p
ub
lish
ed
, tr
an
sla
ted
, in
an
y w
ay, in
wh
ole
or
in
pa
rt o
r d
isc
lose
d t
o a
th
ird
pa
rty w
ith
ou
t th
e p
rior
writt
en
co
nse
nt
of
Tha
les
-©
Th
ale
s2
01
8 A
ll rig
hts
re
serv
ed
.
12 The Benefits of Java Card in eUICC for IoT Devices – 12 Nov 2020
Denis Praca - Thales
OPEN
Use case: Roaming management
▌Roaming management allows MNOs to balance the use of roaming partners for the
benefit of the end user:
Limit or remove roaming cost
Direct subscribers to the best networks and to enhance the customer experience
▌The pure network steering solution can achieve about 75% steering efficiency.
However, by combining the network steering with Over The Air (OTA) commands,
operators can steer more than 95% of roaming traffic onto the most suitable
networks.
More than 90% of MNO’s Profiles come with a JavaCard application, mainly for roaming management
▌Roaming is not limited to smartphone. IoT devices, even low cost, shall be able to
handle roaming application
Additional roaming costs may be much higher that saving on device
This
do
cu
me
nt
ma
y n
ot
be
re
pro
du
ce
d, m
od
ifie
d,
ad
ap
ted
, p
ub
lish
ed
, tr
an
sla
ted
, in
an
y w
ay, in
wh
ole
or
in
pa
rt o
r d
isc
lose
d t
o a
th
ird
pa
rty w
ith
ou
t th
e p
rior
writt
en
co
nse
nt
of
Tha
les
-©
Th
ale
s2
01
8 A
ll rig
hts
re
serv
ed
.
13 The Benefits of Java Card in eUICC for IoT Devices – 12 Nov 2020
Denis Praca - Thales
OPEN
Use case: securing the IoT using IoTSAFE
▌IoT devices using 3GPP connectivity shall use a UICC including a USIM
application as defined by 3GPP specifications
Using this UICC or eUICC for securing the IoT comes for free ;-)
In case of eUICC, the IoTSAFE applet has to be interoperable
Combined with SAM, it can be provided by IoT device provider
▌But securing the IoT means more than securing
the communications
The full lifecycle shall be secured from design to
refurbishment*
Enforcement of security by design
Device
application
Device
Middleware
IoT Security
Applet
IoT Server
Application
IoT Server
Middleware
IoT Security
Server
Specified by GSMA
TLSCA1
server
client CA2
O
ROT
A
Ke
y
mg
t
*See : https://www.enisa.europa.eu/publications/guidelines-for-securing-the-internet-of-things
This
do
cu
me
nt
ma
y n
ot
be
re
pro
du
ce
d, m
od
ifie
d,
ad
ap
ted
, p
ub
lish
ed
, tr
an
sla
ted
, in
an
y w
ay, in
wh
ole
or
in
pa
rt o
r d
isc
lose
d t
o a
th
ird
pa
rty w
ith
ou
t th
e p
rior
writt
en
co
nse
nt
of
Tha
les
-©
Th
ale
s2
01
8 A
ll rig
hts
re
serv
ed
.
15 The Benefits of Java Card in eUICC for IoT Devices – 12 Nov 2020
Denis Praca - Thales
OPEN
Use of secure elements is not limited to devices using 3GPP connectivity
▌IoT devices are controlling our home, health care, security, privacy…
Securing these devices is not an option
▌Benefit of JavaCard Secure Elements:
Reuse of certified components (Hardware and Software)
Easy customization by the addition of JavaCard applications on top of basic
services as IoTSAFE
The SE carries device diversification
- Uniqueness of ID, keys
- Root of trust
Security implies updatability
This
do
cu
me
nt
ma
y n
ot
be
re
pro
du
ce
d, m
od
ifie
d,
ad
ap
ted
, p
ub
lish
ed
, tr
an
sla
ted
, in
an
y w
ay, in
wh
ole
or
in
pa
rt o
r d
isc
lose
d t
o a
th
ird
pa
rty w
ith
ou
t th
e p
rior
writt
en
co
nse
nt
of
Tha
les
-©
Th
ale
s2
01
8 A
ll rig
hts
re
serv
ed
.
16 The Benefits of Java Card in eUICC for IoT Devices – 12 Nov 2020
Denis Praca - Thales
OPEN
Integrated SE technology is coming (aka Integrated eUICC, iSIM,…)
▌Integrated SE technology has the potential to secure low cost IoT devices
Easier integration
Lower cost
Security equivalent to traditional embedded secure elements
▌But it may come with reduced flexibility
Harder customization
Diversification can be done only after device assembly
- Very limited amount of internal non-volatile memory
The System on Chip may not be the only element to consider during security
evaluation
- Use of shared external memory
This
do
cu
me
nt
ma
y n
ot
be
re
pro
du
ce
d, m
od
ifie
d,
ad
ap
ted
, p
ub
lish
ed
, tr
an
sla
ted
, in
an
y w
ay, in
wh
ole
or
in
pa
rt o
r d
isc
lose
d t
o a
th
ird
pa
rty w
ith
ou
t th
e p
rior
writt
en
co
nse
nt
of
Tha
les
-©
Th
ale
s2
01
8 A
ll rig
hts
re
serv
ed
.
17 The Benefits of Java Card in eUICC for IoT Devices – 12 Nov 2020
Denis Praca - Thales
OPEN
Customization
▌IoT devices are distributed through various channels which often require
branding and customization
MNOs
Service providers
▌Customization may include data exchange protocols, cryptographic
algorithms…
Different country regulations (Type of algorithms, key length, privacy …)
Different data format required by different service providers
▌How to handle security and certification requirements on multiple software
versions?
JavaCard modularity and isolation allow customization while keeping certification
status of the core system
This
do
cu
me
nt
ma
y n
ot
be
re
pro
du
ce
d, m
od
ifie
d,
ad
ap
ted
, p
ub
lish
ed
, tr
an
sla
ted
, in
an
y w
ay, in
wh
ole
or
in
pa
rt o
r d
isc
lose
d t
o a
th
ird
pa
rty w
ith
ou
t th
e p
rior
writt
en
co
nse
nt
of
Tha
les
-©
Th
ale
s2
01
8 A
ll rig
hts
re
serv
ed
.
18 The Benefits of Java Card in eUICC for IoT Devices – 12 Nov 2020
Denis Praca - Thales
OPEN
Software update
▌Software security is a moving target
New algorithms vulnerabilities are discovered every year
New type of attacks are emerging
Even certified products may suffer issues
▌Regular updates is mandatory in order to maintain device security
JavaCard, associated with GlobalPlatform architecture and protocols will help to
securely deploy and manage partial updates
- Reduced bandwidth for patch update vs full OS update
- Reduced deployment time
This
do
cu
me
nt
ma
y n
ot
be
re
pro
du
ce
d, m
od
ifie
d,
ad
ap
ted
, p
ub
lish
ed
, tr
an
sla
ted
, in
an
y w
ay, in
wh
ole
or
in
pa
rt o
r d
isc
lose
d t
o a
th
ird
pa
rty w
ith
ou
t th
e p
rior
writt
en
co
nse
nt
of
Tha
les
-©
Th
ale
s2
01
8 A
ll rig
hts
re
serv
ed
.
19 The Benefits of Java Card in eUICC for IoT Devices – 12 Nov 2020
Denis Praca - Thales
OPEN
Conclusion
▌When defining an IoT solution, security and privacy shall be a premium concern
▌IoT is not a mass market like smartphones, assembly of pieces of technologies is
more efficient than development from scratch, customization is required
▌Taking security and privacy into account from the beginning of a design, the Total
Cost of Ownership shall take into account:
Development from scratch vs reusability
Full certification vs certification by composition
Management and Deployment of the mandatory updates
Customization as per service providers and country regulations requests
▌At the end, JavaCard may prove to be cheaper and more efficient
to achieve your market goals